A group of hackers associated with the North Korean regime has kept its efforts to extort cryptocurrencies alive in 2020.
The North Korean hacker group, which operates under the name “Lazarus”, attacked several crypto exchanges last year, according to a report published by Chainalysis.
One of the attacks involved creating a fake trading bot that was offered to employees of the DragonEx exchange. The results show that the perpetrators stole around $7 million in various cryptocurrencies from the Singapore-based exchange in March 2019.
The cybersecurity provider Cyfirma warned in June of a massive cryptocurrency phishing campaign that could be launched by the North Korean cybercriminal group.
The campaign was said to target six nations and more than 5 million companies and individuals. There are currently no confirmed signs that the group plans to continue this massive attack.
Authorities sanction employees
The hacker group is also known to have stolen an incredible $571 million in cryptocurrency since early 2017, according to a study by the cybercrime company Group-IB.
In March, the Treasury's Office of Foreign Assets Control (OFAC) sanctioned two Chinese citizens accused of laundering cryptocurrencies that were stolen in an attack on a cryptocurrency exchange in 2018.
A new type of ransomware is emerging
On July 28, a study by the antivirus manufacturer and malware laboratory Kaspersky announced that Lazarus has created new ransomware. This new threat, known as VHD, is directed primarily against the internal networks of companies in the business sector.
James McQuiggan, security lawyer at KnowBe4, explained to Cointelegraph how VHD ransomware works:
“A virtual hard disk or virtual hard disk is a concept similar to a USB drive. Instead of physically plugging the USB drive into a computer port, the VHD file can be downloaded to a system to start the ransomware attack process. For cyber criminals, they don’t need physical access, just electronic access to download the file. This type of attack requires access to systems. By using external and vulnerable infrastructures or systems, they get the access they need.”
The group carries out individual operations
Kaspersky researchers speculated about the possible reasons for Lazarus’ solo operations:
“We can only speculate as to why they are now performing solo operations: they may find it difficult to interact with the cybercrime underworld, or feel that they can no longer afford to share their profits with third parties.”
Lazarus generally breaches a company’s network to encrypt its data. They then ask the victims for a ransom in cryptocurrency, with Monero (XMR) being preferred.